Insurance giant AXA S.A. has been hit by a massive ransomware attack, just days after announcing that it would no longer cover damage from that class of cyberattack in France.

According to Reuters, French insurer AXA said on Sunday that the cyberattack has targeted its Asia Assistance division, impacting IT operations in Thailand, Malaysia, Hong Kong and the Philippines.

“As a result, certain data processed by Inter Partners Asia (IPA) in Thailand has been accessed,” the Paris-based company said, adding it would notify corporate clients and individuals if it found they had been affected, Reuters reports. 

According to Hackread, the Avaddon ransomware group is behind the attack, claiming responsibility on its dark web site. The group claimed to have stolen 3 terabytes of data, including a long list of information: ID cards, passport copies, customer claims, reserved agreements, denied reimbursements, payments to customers, contract and reports, customer IDs and bank account scanned papers, hospital and doctor reserved material (private investigation for fraud) and customer medical reports including HIV, hepatitis, STD and other illness reports.

"This series of events underpins the need for every organization to be diligent with cybersecurity," says Jack Kudale, founder and CEO of Cowbell Cyber. "Organizations should always have backups ready, deploy security best practices, multi-factor authentication (MFA), don’t reuse passwords and continue to patch systems. Additionally, organizations must raise employees awareness on cybersecurity so that they can be the first line of defense and recognize malicious activities. "

Joseph Carson, chief security scientist and Advisory CISO at ThycoticCentrify, explains that organizations must take ransomware more seriously as it will continue to be one of the most prevalent threats to organizations. 

A recent Sophos survey, The State of Ransomware 2021 report, revealed that 37% of organizations experienced a ransomware attack in the last 12 months– down from 51% in 2020. However while the number of organizations being hit by ransomware has dropped since last year, the financial impact of an attack has more than doubled, increasing from US$761,106 in 2020 to US$1.85 million in 2021. 

Carson says, "Ransomware continues to be very costly for many businesses – the price you pay for not being prepared is on the rise. It only takes one employee with local admin privileges clicking on a malicious email attachment to take down an entire company. In recent years we have seen cyber insurance on the rise, with some insurance companies even negotiating with the cybercriminals for a discount, however this is just making ransomware crime more lucrative and successful for the criminals. We must educate companies and citizens on how to reduce the risks and become more resilient so that paying a ransom is not even an option to consider."

This latest ransomware attack is an unfortunate but unsurprising result, says Sean Cordero, Security Advisor at Netenrich.

Cordero adds, "Some organizations struggle to have sufficient visibility into the cybersecurity practices and controls across their business partners and subsidiaries. It's a perpetual problem, one which, at times, only uses self-attestation and trust to perform any due diligence. This validation is a vast and industry-wide burden that requires increases in collaboration,  transparency, and efficacy across all cybersecurity stakeholders. The lessons learned from this attack may lead to better ways to collaborate across the insured and insurer as this attack implies a weakness in risk assessment, validation, or execution. I imagine that the professionals responsible for achieving positive returns on cybersecurity policies may have renewed discussions with assessors and underwriters in the wake of this most recent incident."